https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Evaluation of an OPC UA-based access control enforcement architecture
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Industrial Automation, Process Control Platform, Västerås, Sweden.ORCID iD: 0000-0003-2488-5774
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Alstom Rail AB, Västerås, Sweden.ORCID iD: 0000-0001-5293-3804
ABB Industrial Automation, Process Control Platform, Västerås, Sweden.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.ORCID iD: 0000-0002-7235-6888
2024 (English)In: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023. The Hague 25 September 2023 through 29 September 2023. Code 309159, Springer Science+Business Media B.V., 2024, p. 124-144Conference paper, Published paper (Other academic)
Abstract [en]

Dynamic access control in industrial systems is becoming a concern of greater importance as a consequence of the increasingly flexible manufacturing systems developed within the Industry 4.0 paradigm. With the shift from control system security design based on implicit trust toward a zero-trust approach, fine grained access control is a fundamental requirement. In this article, we look at an access control enforcement architecture and authorization protocol outlined as part of the Open Process Communication Unified Automation (OPC UA) protocol that can allow sufficiently dynamic and fine-grained access control. We present an implementation, and evaluates a set of important quality metrics related to this implementation, as guidelines and considerations for introduction of this protocol in industrial settings. Two approaches for optimization of the authorization protocol are presented and evaluated, which more than halves the average connection establishment time compared to the initial approach.

Place, publisher, year, edition, pages
Springer Science+Business Media B.V., 2024. p. 124-144
Series
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, ISSN 03029743 ; 14398
Keywords [en]
Access control enforcements, Control system security, Dynamic access control, Enforcement architectures, Fine grained, Implicit trusts, Industrial systems, Open process, Process communication, Security design
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-64507DOI: 10.1007/978-3-031-54204-6_7ISI: 001207238300007Scopus ID: 2-s2.0-85187776017ISBN: 9783031542039 (print)OAI: oai:DiVA.org:mdh-64507DiVA, id: diva2:1804070
Conference
28th European Symposium on Research in Computer Security, ESORICS 2023
Available from: 2023-10-11 Created: 2023-10-11 Last updated: 2024-05-15Bibliographically approved
In thesis
1. Dynamic Access Control for Industrial Systems
Open this publication in new window or tab >>Dynamic Access Control for Industrial Systems
2023 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Industrial automation and control systems (IACS) are taking care of our most important infrastructures, providing electricity and clean water, producing medicine and food, along with many other services and products we take for granted. The continuous, safe, and secure operation of such systems are obviously of great importance. Future iterations of IACS will look quite different from the ones we use today. Modular and flexible systems are emerging, powered by technical advances in areas such as artificial intelligence, cloud computing, and motivated by fluctuating market demands and faster innovation cycles. Design strategies for dynamic manufacturing are increasingly being adopted. These advances have a fundamental impact on industrial systems at component as well as architectural level. 

As a consequence of the changing operational requirements, the methods used for protection of industrial systems must be revisited and strengthened. This for example includes access control, which is one of the fundamental cyber­security mechanisms that is hugely affected by current developments within IACS. The methods currently used are static and coarse-grained and therefore not well suited for dynamic and flexible industrial systems. A transition in security model is required, from implicit trust towards zero-trust, supporting dynamic and fine-grained access control. 

This PhD thesis discusses access control for IACS in the age of Industry 4.0, focusing on dynamic and flexible manufacturing systems. The solutions pre­sented are applicable at machine-to-machine as well as human-to-machine in­teractions, using a zero-trust strategy. An investigation of the current state of practice for industrial access control is provided as a starting point for the work. Dynamic systems require equally dynamic access control policies, why several approaches on how dynamic access control can be achieved in indus­trial systems are developed and evaluated, covering strategies for policy for­mulations as well as mechanisms for authorization enforcement. 

Abstract [sv]

Vi tar för givet att det alltid ska finnas el, rent dricksvatten, mat och läkemedel. Många av våra grundläggande behov tillgodoses tack vare produkter som är beroende av industriella styrsystem. Att skyddas dessa system ifrån störningar är följaktligen ytterst viktigt. 

Vi är mitt i ett teknikskifte som brukar kallas "Industri 4.0" och som innebär att framtidens industriella system kommer skilja sig avsevärt ifrån dagens. Förän­dringen drivs bland annat av nya krav och förväntningar, exempelvis på ko­rtare tid mellan ide och produktion, möjlighet att anpassa produktionen till snabba marknadsförändringar och tillverkning av individuellt anpassade pro­dukter. Flexibla och skalbara lösningar krävs för att kunna uppfylla dessa krav, till skillnad från dagens system som i allmänhet är utvecklade för massproduk­tion av en specifik produkt. 

Detta påverkar såväl hur produktionssystemen konstrueras som designen av varje ingående komponent. En konsekvens är att metoderna som används för att skydda dagens system måste anpassas och stärkas för att möta framtidens utmaningar. En grundläggande sådan säkerhetsfunktion är behörighetshanter­ing. Nuvarande behörighetshantering är inte tillräckligt flexibel och därmed dåligt anpassad till morgondagens dynamiska system. 

I denna doktorsavhandling undersöks behörighetshantering för framtidens industriella system, med fokus på de dynamiska produktionssystem som behövs för att uppfylla kraven kopplade till Industri 4.0. Med utgångspunkt från en enkätundersökning analyseras dagsläget. Förslag på flera olika tillvägagångssätt för dynamisk behörighetshantering presenteras och utvärderas, såväl med avseende på hur sådana regler kan formuleras som på hur de ska kunna upprätthållas. 

Place, publisher, year, edition, pages
Västerås: Mälardalen university, 2023. p. 222
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 391
Keywords
Cybersecurity, Industrial Automation and Control Systems, Industry 4.0, Access Control
National Category
Communication Systems Computer Systems Control Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-64527 (URN)978-91-7485-616-3 (ISBN)
Public defence
2023-12-08, Beta, Mälardalens universitet, Västerås, 13:00 (English)
Opponent
Supervisors
Projects
ARRAYInSecTT
Funder
EU, Horizon 2020, 876038Knowledge Foundation, ARRAY
Available from: 2023-10-12 Created: 2023-10-12 Last updated: 2023-11-17Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Leander, BjörnCausevic, AidaHansson, Hans

Search in DiVA

By author/editor
Leander, BjörnCausevic, AidaHansson, Hans
By organisation
Embedded Systems
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 69 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf